IAM Best Practices- AWS
Step 1- Login to the Console
1. Visit https://aws.amazon.com/console
2. Choose Sign in to the console.
3. Choose Root user. Enter the Root user email address.
4. Choose Next
5. Enter the Password for the root user. Choose Sign in.
Step 2- Enable MFA (optional)
6. At the top right, choose your account name. Then choose My Security Credentials
from the drop-down menu.
7. Expand Multi-factor authentication (MFA). Choose Activate MFA.
8. On the Manage MFA device pop-up window, choose Virtual MFA device and choose
Continue.
Note: You will need a virtual MFA application installed on your device or computer. You can
see a list of applications in step 1 of the Set up virtual MFA device pop-up window. There is
a hyperlink which shows a list of compatible applications. Before continuing to the next step,
make sure you have one of these applications installed on your mobile device or computer.
9. Choose Show QR code and scan the code using your device.
Note: If you are using a computer you can choose Show secret key and type the secret key
into your MFA application.
10. Type the first MFA code into the MFA code 1 field. Then type the second generated
number into the MFA code 2 field. Choose Assign MFA.
11. You should see a pop-up indicating that you have successfully assigned a virtual MFA
device. Choose Close.
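As an added example (not part of the original post), the Python script below implements RFC 6238 TOTP, the algorithm a virtual MFA application runs on the value shown under Show secret key. It shows why the Assign MFA form asks for two codes: each code is an HMAC-SHA1 over the current 30-second time window, so two consecutive codes prove the device and its clock are in sync. The secret used here is a constructed demo value (the RFC 6238 test key, base32-encoded), not a real AWS MFA secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Tuple


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp_at(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP for a base32 secret (the form shown by 'Show secret key') at a given time."""
    # Secrets are often displayed in spaced groups, sometimes lower case; normalise and re-pad.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    secret = base64.b32decode(cleaned)
    return hotp(secret, unix_time // step, digits)


def two_consecutive_codes(secret_b32: str, unix_time: int, step: int = 30) -> Tuple[str, str]:
    """The two codes the Assign MFA form asks for: the current window and the one after it."""
    return totp_at(secret_b32, unix_time, step), totp_at(secret_b32, unix_time + step, step)


def verify_code(secret_b32: str, submitted: str, unix_time: int,
                step: int = 30, drift_windows: int = 1) -> bool:
    """Verifier-side check: accept a small clock drift and compare in constant time."""
    for delta in range(-drift_windows, drift_windows + 1):
        expected = totp_at(secret_b32, unix_time + delta * step, step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    # Constructed demo secret: the RFC 6238 test key "12345678901234567890" in base32.
    DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    now = int(time.time())
    first, second = two_consecutive_codes(DEMO_SECRET, now)
    print("MFA code 1:", first, " MFA code 2:", second)
```

Running the script prints the two codes the form would expect for the demo secret at the current time; a real secret key from the console would produce the same codes your MFA app shows, which is why the secret must be treated with the same care as a password.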
12. Expand Access keys (access key ID and secret access key).
Note: There should be no access keys listed. If an access key exists (for your new account),
choose Delete under Actions. Choose Deactivate. Enter the access key ID in the
confirmation field. Choose Delete.
Step 3- Create an IAM user
13. In the service search bar, type in IAM and open the Identity and Access Management (IAM)
dashboard. On the left side panel, choose Users.
14. Choose Add user. Paste in Admin for the User name. Next to Access type, choose
Programmatic access and AWS Management Console access.
16. Uncheck Require password reset.
17. Choose Next: Permissions.
18. Choose Attach existing policies directly. Next to Filter policies, search for
administrator. Under Policy name, choose AdministratorAccess. Choose Next: Tags.
19. Choose Next: Review. Choose Create user.
20. You can sign in with the new IAM user by clicking the hyperlink at the bottom of the
Success window.
Note: It should look similar to the following:
https://000000000000.signin.aws.amazon.com/console. Your account number will be
different :)
21. Log in using the Admin user and password that you created.
Step 4- Set up an IAM role for EC2 instance
22. Now that you are logged in as the Admin user, search for IAM again in the service
search bar. On the left side panel, choose Roles. Then, choose Create role.
23. Choose AWS service. Choose EC2. Choose Next: Permissions.
24. Next to Filter policies, search for amazons3full and choose AmazonS3FullAccess.
25. Next to Filter policies search for amazondynamodb and choose
AmazonDynamoDBFullAccess.
26. Choose Next: Tags. Choose Next: Review.
27. For Role name paste in S3DynamoDBFullAccessRole. Choose Create role.
Note: Using full access policies is not recommended and not something you should do in a production
environment. We are using these policies as a proof of concept to get your demo
up and running quickly. Once your Amazon S3 bucket and Amazon DynamoDB
table are created, you can come back and modify this IAM Role to have more
specific and restrictive permissions. More on this later.
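As an added example (not part of the original post), the Python below shows what Step 4 configures and what the note asks you to come back and tighten: the EC2 trust policy behind "AWS service, EC2", a constructed stand-in for the two full-access policies, a scoped-down policy limited to one bucket and one table, and a small check that flags any Allow statement carrying a service-wide action wildcard or a Resource of "*". The bucket name, table ARN and account number are hypothetical placeholders, not values from the post.

```python
import json
from typing import Dict, List

# Trust policy that lets EC2 instances assume the role (what choosing AWS service -> EC2 sets).
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Constructed stand-in modelled on full-access policies: service-wide wildcards on every resource.
FULL_ACCESS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "S3Full", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Sid": "DynamoDBFull", "Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
    ],
}


def scoped_policy(bucket: str, table_arn: str) -> Dict:
    """Least-privilege replacement: only the actions the demo needs, only on its bucket and table."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListOneBucket", "Effect": "Allow",
             "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "ObjectsInOneBucket", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
            {"Sid": "ItemsInOneTable", "Effect": "Allow",
             "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem",
                        "dynamodb:DeleteItem", "dynamodb:Query"],
             "Resource": table_arn},
        ],
    }


def _as_list(value) -> List[str]:
    # IAM allows Action/Resource to be a single string or a list; normalise to a list.
    return value if isinstance(value, list) else [value]


def broad_statements(policy: Dict) -> List[str]:
    """Describe each Allow statement that grants a wildcard action (e.g. s3:*) or Resource '*'."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        wild_resources = [r for r in resources if r == "*"]
        if wild_actions or wild_resources:
            label = stmt.get("Sid", f"statement[{i}]")
            findings.append(f"{label}: wildcard actions {wild_actions}, wildcard resources {wild_resources}")
    return findings


if __name__ == "__main__":
    # Hypothetical placeholders; substitute the real bucket and table once they exist.
    tightened = scoped_policy("my-demo-bucket",
                              "arn:aws:dynamodb:us-east-1:000000000000:table/DemoTable")
    print("Full-access findings:", broad_statements(FULL_ACCESS_POLICY))
    print("Scoped findings:", broad_statements(tightened))
    print(json.dumps(tightened, indent=2))
```

Running the script reports two broad statements for the full-access stand-in and none for the scoped policy, and prints the scoped JSON, which can be pasted in as an inline policy on the role once the bucket and table names are known.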
Congratulations, you successfully completed the exercise!
If you read something interesting from this article, please like and follow me for more
posts.